def predict(self, payload):
_input = np.array([])
for _, val in payload.inspected_value.items():
_input = np.append(_input, val)
for val in _input:
results = np.array([], dtype='uint8')
v1 = self.vectorizer.transform([val])
v2 = self.vectorizer2.transform([val])
results = np.append(results, self.logreg.predict(v1))
results = np.append(results, self.svm.predict(v1))
results = np.append(results, self.rf.predict(v1))
results = np.append(results, self.logreg2.predict(v2))
results = np.append(results, self.svm2.predict(v2))
results = np.append(results, self.rf2.predict(v2))
results = np.append(results, self.predict_rnn(val))
if np.argmax(np.bincount(results)) == 1:
log.info(f"Classifier predict True {val} - {results}")
rs.create(
Rule(rule=payload.srcIP,
type=RuleType.BLOCKED_HOST.value,
action=Action.BLOCK.value))
return True
log.info(f"Classifier predict False for {val} - {results}")
return False
def add_user():
log.info(f"adding new user- {request.get_json().values()}")
user = user_service.create(parse_user(request))
if user:
return jsonify(
UserPayload(id=user.id, username=user.username,
role=user.role).serialize())
else:
return Response(status=409, response="User already exist")
def validate_payload(payload):
rules = rs.get_all_rules_by_type(RuleType.INJECTION_ATTACK.value)
flag = False
for key, val in payload.inspected_value.items():
if key == 'url':
flag = inspect_payload_values(parse(val), rules)
else:
flag = inspect_payload_values(val, rules)
if flag:
break
log.info(f"Analyzer result for payload [values]- '{payload.inspected_value.items()}' is {flag}")
return flag
def download_db():
s3 = boto3.client(
's3',
aws_access_key_id=config.get_value('aws_access_key_id', ''),
aws_secret_access_key=config.get_value('aws_secret_access_key', ''))
try:
response = s3.download_file('waid-db', 'server.db', str(db_path))
log.info(f'Database Downloaded{response}')
return Response(status=200)
except ClientError as e:
log.debug(e)
return Response(status=500)
def validate_host(payload):
hosts = rs.get_all_rules_by_type(RuleType.BLOCKED_HOST.value)
srcIP = payload.srcIP
flag = False
for host in hosts:
flag = True if host.rule == srcIP and host.action == Action.BLOCK.value else False
if flag:
break
log.info(f"Analyzer result for payload [srcIP] - '{payload.srcIP}' is {flag}")
return flag
def upload_db():
s3_client = boto3.client(
's3',
aws_access_key_id=config.get_value('aws_access_key_id', ''),
aws_secret_access_key=config.get_value('aws_secret_access_key', ''))
try:
s3_client.upload_file(str(db_path), 'waid-db', 'server.db')
log.info(f'Database uploaded')
return Response(status=200)
except ClientError as e:
log.debug(e)
return Response(status=500)
def login(user):
db_user = get_user_by_mail(user.get("email"))
if db_user:
key = hashlib.pbkdf2_hmac('sha256',
user.get("password").encode('utf-8'),
db_user.salt, 100000)
is_same_key = key == db_user.password
if is_same_key:
return True, db_user
else:
log.info(
f"Password didnt match DB password for user - `{user.get('email')}`"
)
return False
log.info(f"No user with the mail `{user.get('email')}` in the DB ")
return False
def _server_flow(self, payload):
is_analyzer = config.get_value('is_analyzer', 'True')
is_classifier = config.get_value('is_classifier', 'True')
log.info(
f"Server Mode, Classifier is {'ON' if is_classifier else 'OFF'} "
f"and Analyzer is {'ON' if is_classifier else 'OFF'}")
if is_analyzer:
self._use_analyzer(payload)
if is_classifier and payload.anomaly_status != AnomalyStatus.ATTACK.value:
self._use_classifier(payload)
payload_service.create_payload_request(payload)
if payload.anomaly_status == AnomalyStatus.ATTACK.value:
return Response(status=403)
else:
return self._response()
def create(rule):
log.info(
f"Created Rule {rule.rule} as "
f"{'BLOCKED_HOST' if rule.type == RuleType.BLOCKED_HOST.value else 'INJECTION_ATTACK'}"
f" on Rule Table")
return dao.create_rule([rule])[0]
def collect_rules():
rules = rule_service.add_rules(request.json)
log.info(
f'Rules Collected -- Size: {len(request.json)} From : {request.remote_addr}'
)
return Response(status=200)
def create_rule():
log.info(f"Adding Rule - {request} ")
rv = rule_service.create(parse_rule(request))
print(rule_service.get_rules_of_today())
return jsonify(RulePayload(rv.id, rv.rule, rv.type, rv.action).serialize())
def send_receive(path):
log.info(f"Getting request - {request} from - {request.remote_addr}")
return flows.main_flow(request, path)